Issue #7110 has been reported by Matt Robinson.
----------------------------------------
Bug #7110: Better SSL error message when retrieved certificate does not match private key
https://projects.puppetlabs.com/issues/7110
Author: Matt Robinson
Status: Unreviewed
Priority: Normal
Assignee:
Category:
Target version:
Affected Puppet version: 2.6.0
Keywords:
Branch:
If you try to connect to a puppet master for the first time using an agent
that already has a signed cert on the master (this may happen if you need to
wipe your agent but forget to revoke the dead agent's cert on the master), you
get the following:
/Users/matthewrobinson/work/puppet/lib/puppet/ssl/host.rb:166:in `certificate'
/Users/matthewrobinson/work/puppet/lib/puppet/ssl/host.rb:227:in `wait_for_cert'
/Users/matthewrobinson/work/puppet/lib/puppet/application/agent.rb:194:in `setup_host'
/Users/matthewrobinson/work/puppet/lib/puppet/application/agent.rb:259:in `setup'
/Users/matthewrobinson/work/puppet/lib/puppet/application.rb:304:in `run'
/Users/matthewrobinson/work/puppet/lib/puppet/application.rb:420:in `hook'
/Users/matthewrobinson/work/puppet/lib/puppet/application.rb:304:in `run'
/Users/matthewrobinson/work/puppet/lib/puppet/application.rb:411:in `exit_on_fail'
/Users/matthewrobinson/work/puppet/lib/puppet/application.rb:304:in `run'
/Users/matthewrobinson/work/puppet/sbin/puppetd:4
err: Could not request certificate: Retrieved certificate does not match private key; please remove certificate from server and regenerate it with the current key
The error message should say which retrieved certificate (presumably it's
retrieving the already signed cert for the old agent) and which private key
(presumably it's the private key that was generated before sending a CSR to the
master) don't match. This could be done by including the CN for the cert and
some fingerprints or something so you can tell what doesn't match what. And
then some more detail on HOW to remove the certificate from the server would be
helpful.
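
The kind of message requested above, as an added example that is not part of the original report and not Puppet's own code: a check built on Ruby's OpenSSL bindings that names the certificate's CN and serial and shows the fingerprints of both public keys when they differ. The helper names, the SHA-256 fingerprint format and the agent name agent.example.com are assumptions made for illustration.

```ruby
require 'openssl'

# Fingerprint of a public key: SHA-256 over its DER encoding, colon-separated hex.
# (Assumed format for this example; not necessarily what Puppet prints.)
def key_fingerprint(public_key)
  hex = OpenSSL::Digest.new('SHA256').hexdigest(public_key.to_der)
  hex.upcase.scan(/../).join(':')
end

# Returns nil when cert and key belong together; otherwise a message that
# identifies the certificate (CN, serial) and both public-key fingerprints.
def cert_key_mismatch(cert, key)
  return nil if cert.check_private_key(key)
  cn = cert.subject.to_a.find { |name, _, _| name == 'CN' }&.fetch(1)
  "Retrieved certificate (CN=#{cn}, serial=#{cert.serial}) does not match " \
    "private key; certificate public key #{key_fingerprint(cert.public_key)}, " \
    "local public key #{key_fingerprint(key.public_key)}"
end

# Constructed sample data: a short-lived self-signed certificate for `cn`.
def sample_cert(key, cn)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = 1
  cert.subject = cert.issuer = OpenSSL::X509::Name.parse("/CN=#{cn}")
  cert.public_key = key.public_key
  cert.not_before = Time.now
  cert.not_after = Time.now + 3600
  cert.sign(key, OpenSSL::Digest.new('SHA256'))
  cert
end

if __FILE__ == $PROGRAM_NAME
  # Simulates the scenario in the report: the master still holds a cert signed
  # for the wiped agent's old key, while the agent has generated a new key.
  old_key = OpenSSL::PKey::RSA.new(2048)
  new_key = OpenSSL::PKey::RSA.new(2048)
  stale_cert = sample_cert(old_key, 'agent.example.com')
  puts cert_key_mismatch(stale_cert, new_key)
end
```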